Bug 56102

Summary: SSL_CLIENT_S_DN_x509_0 is undefined in the environment table
Product: Apache httpd-2 Reporter: Willy Weisz <willy.weisz>
Component: mod_sslAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED WONTFIX    
Severity: normal CC: willy.weisz
Priority: P2    
Version: 2.4.6   
Target Milestone: ---   
Hardware: PC   
OS: All   

Description Willy Weisz 2014-02-03 12:06:54 UTC 
According to the description for mod_ssl multiple occurrences of x509 components are returned with a "_n" suffix, with n starting at 0. The description also explicitly states that both forms ..._x509 and ..._x509_0 return the same value, the first ..._x509 attribute value.
My issue was that SSL_CLIENT_S_DN_OU returned the correct value, but SSL_CLIENT_S_DN_OU_0 was undefined.
Providing ..._x509_0 provides allows to write compact code when scanning through multiple same name attributes, whereas the present situation forces one to single out the first component.
Comment 1 Willy Weisz 2014-02-13 16:19:42 UTC 
Sorry: The description of mod_ssl is correct in that it says that no _0 variable is available in the environment table. But the fact remains that apache scripts (e.g. in PHP) can't access a variable _0, contrary to what apache itself can do in its configuration files (e.g. in requirement statements).
Comment 2 Joe Orton 2014-02-14 11:11:42 UTC 
It would be expensive to have mod_ssl export all the DN components.  If the problem here is specifically with PHP, the right thing to do is to create a hook in the mod_php SAPI so it can make ssl_var_lookup() available to PHP scripts directly - that should be very very simple.
Comment 3 Joe Orton 2014-02-14 11:12:25 UTC 
^ export all the DN components *twice*.